CTB Locker (Crypto TOR BITCOIN) is the next generation of the now shut down CryptoLocker Trojan. What kind of Trojan is it? To explain that I have to ask another question: ever heard of ransomware? No? Let me explain. Ransomware is a kind of Trojan that locks your computer and asks for some amount of money to unlock it. In other words, ransomware takes your computer hostage and demands a ransom.
Let's talk about the background of ransomware and how and where it is being made. The Russian and Ukrainian cyber underground market is quite infamous. What it runs on is the services it provides to criminals, or to whoever is willing to pay. This started off with spam bots used for spamming. Think about it: if you have to pay 1 million dollars to a company for your ad campaign, why not pay 1 thousand dollars to a spam bot master and get the same results? Botnets were next, as they became the next biggest service in the Russian underground. If you wanted to DoS or DDoS someone you could just rent a botnet for X amount of money and do your thing, make newspaper headlines and then return it, or you could buy it outright from the person selling the botnet.
People in the Russian underground market had been offering ransomware services until the recent CryptoLocker crackdown. Now they have come up with a new ransomware, CTB Locker, which is a very nasty Trojan. The encryption it uses to encrypt all the files on an infected computer is elliptic curve encryption, which means, to put it simply, that it is impossible to decrypt without the proper decryption key.
How does it infect the user's computer (high-level, semi-technical steps):
- The user gets an email containing a zip file.
- Once the zip file is opened it executes a dropper file. Typically droppers are small programs that connect to a server controlled by the attacker and download and install the Trojan onto the user's computer.
- CTB Locker, once executed, locks the computer and encrypts all the files.
- The user is given 96 hours to pay the ransom.
- Once the ransom is paid, the decryption key is sent.
More technical details can be found here.
In our line of work, i.e. cyber security, we usually hear that humans are the weakest link in the security chain. As consultants we visit many clients, and guess what they say when we ask them to install an antivirus or anti-malware solution on their computers. They say: “This is not important. I have nothing stored on my computer. If some hacker does get into my computer, he would find nothing.”
This is a typical reaction, but what I tell them is that nowadays your computer is your responsibility. The phrase "harboring a fugitive" applies here, if we map the real world onto the cyber world. You are deliberately leaving your computer vulnerable. If your computer gets infected and becomes part of a botnet, and that botnet takes down some government organization, they will come after you, because they will have detected your IP. What would you say then?
Nowadays there is the threat of cyberwar, cyber espionage, APTs etc. When you connect your computer to a network or to the internet, it is your responsibility to keep it from getting hacked.
That said, let's continue with how to protect yourself from CTB Locker.
- Do not accept any file from an email sent by an unknown person, even if it is called “my_private_pics.zip”.
- Even if the email is from a person you know, do not open the attachment unless you confirm that it really was that person who sent the email.
- Keep your computer updated with all the latest patches. The applications you use, such as Java, Adobe, WinZip, WinRAR etc., should be the latest versions.
- Your computer should have antivirus (AV) and firewall protection at all times. If you do not want to pay for an antivirus, then go for Avast.
- Install an anti-malware (AM) program such as Spybot or Malwarebytes.
This would keep you safe from 97% of attacks, but if you choose to disable the AV and the AM to check my_private_pics.zip, then the damage to your computer will be total human ERROR.
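The infection steps above start with a zip attachment that hides a dropper, and the first two protection rules come down to "do not run what is inside that zip". As an added example, not code from the original post or from any antivirus product, the following Python screens an attachment for exactly that pattern before a user ever opens it: it flags members whose final extension is an executable type, members that use a double extension such as my_private_pics.jpg.exe, and members whose content starts with the "MZ" header of a Windows executable even though the name looks like a document or picture. The attachment bytes are assumed to have already been pulled out of the mail; the two sample archives, the "MZ" stub and the JPEG header are constructed here and contain no real program.

```python
import io
import zipfile

# File types Windows runs directly. A zip that claims to hold holiday photos
# should contain none of these. (List assembled for this example.)
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".cpl", ".msi",
}


def _extensions(member_name):
    """All extensions of a zip member, e.g. 'a/pics.jpg.exe' -> ['.jpg', '.exe']."""
    base = member_name.lower().rsplit("/", 1)[-1]
    return ["." + part for part in base.split(".")[1:]]


def screen_zip(data):
    """Inspect a zip attachment held in memory and return a list of findings.

    An empty list means nothing in the archive looked like a dropper.
    Three checks are applied to every member:
      1. the final extension is an executable type,
      2. a double extension (pics.jpg.exe) disguises that executable type,
      3. the content starts with the 'MZ' header of a Windows executable
         even though the name suggests a document or image.
    """
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            exts = _extensions(info.filename)
            runs_directly = bool(exts) and exts[-1] in EXECUTABLE_EXTENSIONS
            if runs_directly:
                findings.append(f"{info.filename}: executable file type {exts[-1]}")
                if len(exts) > 1:
                    findings.append(
                        f"{info.filename}: double extension disguises it as {exts[-2]}"
                    )
            # Names can lie, so read only the first two bytes and look for a PE stub.
            with archive.open(info) as member:
                head = member.read(2)
            if head == b"MZ" and not runs_directly:
                findings.append(
                    f"{info.filename}: Windows executable (MZ header) despite its name"
                )
    return findings


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a fake PE stub (just the 'MZ' magic followed by zeros,
# not a runnable program) and a fake JPEG header.
FAKE_PE_STUB = b"MZ" + b"\x00" * 62
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 60

DROPPER_ZIP = build_zip({
    "my_private_pics.jpg.exe": FAKE_PE_STUB,  # double extension, as in the post
    "invoice.pdf": FAKE_PE_STUB,              # executable hiding behind a document name
    "readme.txt": b"open the pictures :)",
})
HOLIDAY_ZIP = build_zip({"beach.jpg": FAKE_JPEG, "sunset.jpg": FAKE_JPEG})


if __name__ == "__main__":
    for label, blob in (("dropper", DROPPER_ZIP), ("holiday", HOLIDAY_ZIP)):
        print(label, screen_zip(blob) or ["clean"])
```

Running the module prints three findings for the constructed dropper archive and "clean" for the holiday one. The checks are deliberately cheap (central directory plus two bytes per member) so they can sit in a mail gateway in front of the AV and AM scanners the post recommends; they do not replace those scanners, since a dropper can also arrive as a macro document or a script that does not start with "MZ".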